A major exploit on the decentralized exchange Hyperliquid has resulted in one trader losing roughly $21 million, reigniting debate over the security of self-custodied assets in DeFi.
Blockchain investigators from PeckShield revealed that attackers accessed a private key linked to Hyperliquid’s Hyperdrive lending protocol. The stolen assets – nearly 18 million DAI and just over 3 million SyrupUSDC, a derivative of the USDC stablecoin – were later transferred to Ethereum. How the key was exposed remains unclear, though on-chain evidence points to a deliberate and targeted breach.
The incident arrives at a time when Hyperliquid has been enjoying explosive growth. Its points-based rewards program, credited with attracting tens of thousands of users, recently distributed an airdrop to more than 94,000 wallets. According to DefiLlama, trading activity exceeded $3.5 billion in the past week alone, making the timing of the exploit especially damaging for the platform’s reputation.
Rising Popularity Meets Familiar DeFi Risks
Decentralized platforms have regained momentum this year, but the same openness that attracts traders continues to expose them to severe security risks. With no centralized authority to reverse transactions, a single compromised wallet can mean irreversible losses.
Analysts emphasize that even experienced traders are vulnerable if security habits slip. The most common advice remains unchanged: store only small amounts of crypto in online wallets for active trading and keep the majority in cold storage, away from internet exposure.
Fake customer support accounts and phishing links disguised as “authorization pages” are among the leading threats facing DEX users. Hyperliquid’s own documentation warns that private keys must never be shared – not even when setting up API wallets.
Industry Calls for Caution
Following the exploit, exchange MEXC urged its users to review wallet permissions through tools like Etherscan’s Token Approvals section, noting that attackers often exploit overextended approvals to drain funds.
Cybersecurity firm CertiK’s latest data shows that in 2025, decentralized platforms and crypto exchanges remained the top targets for exploits, accounting for the majority of funds lost to hacks.
As the investigation continues, Hyperliquid’s case stands as another reminder that while DeFi offers freedom and control, it also demands constant vigilance.
The information provided in this article is for educational purposes only and does not constitute financial, investment, or trading advice. Coindoo.com does not endorse or recommend any specific investment strategy or cryptocurrency. Always conduct your own research and consult with a licensed financial advisor before making any investment decisions.
Source: https://coindoo.com/hyperliquid-hit-by-major-exploit-after-private-key-compromise/